#!/usr/bin/python

###########################################################################
#                                                                         #
#     April 2013                                                          #
#                                                                         #
#                                                                         #
#    wwpwn.py is developed by vulnerab0wl                                 #
#                                                                         #
#    hosted on https://code.google.com/p/ww-pwn/ under GNU GPL v3         #
#                                                                         #
###########################################################################


import sys
import httplib
import socket
import datetime
import fileinput


banner = '''
               __      __  __      __        __      __       
              /  \    /  \/  \    /  \______/  \    /  \____  
              \   \/\/   /\   \/\/   /\____ \   \/\/   /    \\
               \        /  \        / |  |_> >        /   |  \\
                \__/\  /    \__/\  /  |   __/ \__/\  /|___|  /
                     \/          \/   |__|         \/      \/ 

                      v1.0
                      
'''


disclaimer = '''
[+] YOU'RE USING THIS TOOL AT YOUR OWN RISK!

[+] It has been developed for informative purposes only, use it against\n    a website where you allowed to perform scans and security assessments,\n    I will not be responsable of the usage you make of this tool.

[+] By accepting this disclaimer you claim that you know what you are doing\n    and that you are fully responsable for it..


'''


usage = '''
[+] Run command directly from command line
    $ python wwpwn.py <url> (specify the url WITHOUT http:// before it)
    
    working example: $ python wwpwn.py www.example.com
    
    By default all the interesting staff found will be collected\n    in a html file in the current local folder

[+] Take a look at the disclaimer
    $ python wwpwn.py disclaimer
    
[+] Show info about authors
    $ python wwpwn.py credits
    
[+] Show general help and usage information
    $ python wwpwn.py help
    
    
'''


credits = '''
Author           ---> vulnerab0wl <---



Website           ---> http://feedyourhead.atervista.org/ <---


'''


welcome = '''
[+] This is wwpwn, it allows you to find interesting stuff on a website.
[+] Hint: Use 'wwpsn.py help' if you are in trouble.


'''


if  len(sys.argv) == 2 and sys.argv[1].startswith('www'):
    url = sys.argv[1]
        
    print banner+'\n\n'+disclaimer+'    Do you want to proceed? [y/n]'
    
    accept_in = raw_input('[!] Accept: ')
    
    try:
        accept = str(accept_in)
    except:
        print '[!] Something went wrong!'
        print '\n\n[!] Exiting. I\'m off ta-ta..  ^^\n'
        sys.exit(0)
    
    if (accept != 'y'):
        print '[!] I understand..'
        print '\n\n[!] Exiting. I\'m off ta-ta..  ^^\n'
        sys.exit(0)
    

    now = datetime.datetime.now()
    now = str(now)[:10]    
        
    try:
        conn = httplib.HTTPConnection(url)
        conn.request("GET", "/")
        
        print '\n\n\n'
        print '    Trying to get: http://'+url
        
        r1 = conn.getresponse()
        conn.close()
        
        print '    Response: ',r1.status, r1.reason
    
        out = open(now+"_"+url+".html", "wb")
        out.close()
        
        if r1.status == 200 or r1.status == 302:
            print '\n[!] Got it! The main website is up and running..\n\n\n'
            
            outa = open(now+"_"+url+".html", "ab")
            outa.write("<html>\n\t<head>\n\t\t<title>interesting directories found by wwpwn</title>\n\t</head>\n\n<body>\n<font face=\"arial\">\n\t");
            outa.write("<h1><img src=\"utils/pwnd.jpg\" width=\"150\" height=\"150\" /> WWpWn by vulnerab0wl<img src=\"utils/bug-logo-b.png\" width=\"38.7\" height=\"39\"></h1><br />");
            outa.write("\n\t<h3>Looking interesting directories for: <strong><font color=\"#367c48\">"+url+"</font></strong></h3><br />\n\n");
        else: 
            print '\n\n[!] Host unreachable. I\'m off ta-ta..  ^^\n'
            sys.exit(0)
            
        
    except (httplib.HTTPException, socket.error) as e:
           print '[!] %s ' % e
           print '\n\n[!] Exiting. I\'m off ta-ta..  ^^\n'
           
           sys.exit(0)
           
    ins = open( "utils/Directories_Common.wordlist", "r" )
    directories = []
    
    for line in ins:
            directories.append( line[:-1] )
    ins.close()
    
        
    for directory in directories:
            
        try:
            conn = httplib.HTTPConnection(url)
            conn.request('HEAD', '/' + directory)
            toturl = 'http://{0}/{1}'.format(url, directory)
            
            print '\n'
            print '    Trying to get: '+toturl
            
            r1 = conn.getresponse()
            
            print '    Response: ',r1.status, r1.reason
            
            conn.close()
    
            if r1.status == 200 or r1.status == 302:
                print '\n[!] Got it! This one could be interesting..\n'
                
                outa.write( "\t<h4><font color=\"#367c48\">/"+directory+"</font> subdirectory found: <a href=\""+toturl+"\">"+toturl+"</a></h4>\n\n");
                
                        
        except (httplib.HTTPException, socket.error) as e:
               print '' #'[!] %s ' % e

    outa.write( "</font></body>\n\n</html>");
    outa.close()
    
    print '\n\n[!] Mission accomplished!\n    an HTML file containing the retrieved content has been created in the\n    current directory..check it out!\n\n[!]Exiting. I\'m off ta-ta..  ^^\n'
    


elif len(sys.argv) == 2 and sys.argv[1] == 'help':
    print banner+usage+'\n[!] Exiting. I\'m off ta-ta..  ^^\n'

elif len(sys.argv) == 2 and sys.argv[1] == 'credits':
    print banner+'\n'+credits+'\n[!] Exiting. I\'m off ta-ta..  ^^\n'
    
elif len(sys.argv) == 2 and sys.argv[1] == 'disclaimer':
    print banner+disclaimer+'\n[!] Exiting. I\'m off ta-ta..  ^^\n'
    
elif len(sys.argv) > 2:
    print banner
    print '[!] You have inserted a wrong number of params, see the usage:\n\n'+usage+'\n[!] Exiting. I\'m off ta-ta..  ^^\n'

else:
    print banner+welcome+usage+'\n[!] Exiting. I\'m off ta-ta..  ^^\n'
